Support serialization

jvazquez-r7 · jvazquez-r7 · commit 03740df931c3 · 2014-12-05T19:55:52.000-06:00
diff --git a/lib/rex/java/serialization/model/class_desc.rb b/lib/rex/java/serialization/model/class_desc.rb
@@ -37,7 +37,7 @@ def decode(io)
           # @raise [RuntimeError] if serialization doesn't succeed
           def encode
             encoded = ''
-            allowed_contents = [NullReference, NewClassDesc]
+            allowed_contents = [NullReference, NewClassDesc, Reference]
 
             unless allowed_contents.include?(description.class)
               raise ::RuntimeError, 'Failed to serialize ClassDesc'
diff --git a/lib/rex/java/serialization/model/contents.rb b/lib/rex/java/serialization/model/contents.rb
@@ -89,6 +89,8 @@ def encode_content(content)
               encoded << [TC_NULL].pack('C')
             when Rex::Java::Serialization::Model::Reset
               encoded << [TC_RESET].pack('C')
+            when Rex::Java::Serialization::Model::Reference
+              encoded << [TC_REFERENCE].pack('C')
             else
               raise ::RuntimeError, 'Failed to serialize content'
             end
diff --git a/lib/rex/java/serialization/model/field.rb b/lib/rex/java/serialization/model/field.rb
@@ -122,7 +122,9 @@ def is_valid?(code)
           #
           # @return [String]
           def encode_field_type
-            unless field_type.class == Java::Serialization::Model::Utf
+            allowed_contents = [Utf, Reference]
+
+            unless allowed_contents.include?(field_type.class)
               raise ::RuntimeError, 'Failed to serialize Field'
             end
 
@@ -137,9 +139,10 @@ def encode_field_type
           # @return [Java::Serialization::Model::Utf]
           # @raise [RuntimeError] if unserialization doesn't succeed
           def decode_field_type(io)
+            allowed_contents = [Utf, Reference]
             type = decode_content(io, stream)
 
-            unless type.class == Rex::Java::Serialization::Model::Utf || type.class == Rex::Java::Serialization::Model::Reference
+            unless allowed_contents.include?(type.class)
               raise ::RuntimeError, 'Failed to unserialize Field field_type'
             end
 
diff --git a/lib/rex/java/serialization/model/new_object.rb b/lib/rex/java/serialization/model/new_object.rb
@@ -52,7 +52,11 @@ def encode
             encoded << class_desc.encode
 
             class_data.each do |value|
-              encoded << encode_value(value)
+              if value.class == Array
+                encoded << encode_value(value)
+              else
+                encoded << encode_content(value)
+              end
             end
 
             encoded
@@ -91,7 +95,8 @@ def decode_class_fields(io, my_class_desc)
               if field.is_primitive?
                 values << decode_value(io, field.type)
               else
-                values << decode_content(io, stream)
+                content =  decode_content(io, stream)
+                values << content
               end
             end
 
diff --git a/lib/rex/java/serialization/model/reference.rb b/lib/rex/java/serialization/model/reference.rb
@@ -8,7 +8,7 @@ class Reference < Element
 
           def initialize(stream = nil)
             super(stream)
-            handler = 0
+            self.handler = 0
           end
 
           def decode(io)
@@ -21,6 +21,17 @@ def decode(io)
 
             self
           end
+
+          def encode
+            if handler < BASE_WIRE_HANDLE
+              raise ::RuntimeError, 'Failed to serialize Reference'
+            end
+
+            encoded = ''
+            encoded << [handler].pack('N')
+
+            encoded
+          end
         end
       end
     end
diff --git a/spec/lib/rex/java/serialization/model/stream_spec.rb b/spec/lib/rex/java/serialization/model/stream_spec.rb
@@ -24,6 +24,39 @@
   end
   let(:char_array_stream_io) { StringIO.new(char_array_stream) }
 
+  let(:complex_stream) do
+    "\xac\xed\x00\x05\x77\x22\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00" +
+    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01" +
+    "\xf6\xb6\x89\x8d\x8b\xf2\x86\x43\x75\x72\x00\x18\x5b\x4c\x6a\x61" +
+    "\x76\x61\x2e\x72\x6d\x69\x2e\x73\x65\x72\x76\x65\x72\x2e\x4f\x62" +
+    "\x6a\x49\x44\x3b\x87\x13\x00\xb8\xd0\x2c\x64\x7e\x02\x00\x00\x70" +
+    "\x78\x70\x00\x00\x00\x01\x73\x72\x00\x15\x6a\x61\x76\x61\x2e\x72" +
+    "\x6d\x69\x2e\x73\x65\x72\x76\x65\x72\x2e\x4f\x62\x6a\x49\x44\xa7" +
+    "\x5e\xfa\x12\x8d\xdc\xe5\x5c\x02\x00\x02\x4a\x00\x06\x6f\x62\x6a" +
+    "\x4e\x75\x6d\x4c\x00\x05\x73\x70\x61\x63\x65\x74\x00\x15\x4c\x6a" +
+    "\x61\x76\x61\x2f\x72\x6d\x69\x2f\x73\x65\x72\x76\x65\x72\x2f\x55" +
+    "\x49\x44\x3b\x70\x78\x70\x0d\xc1\x1e\x2a\x94\x5e\x2f\xb2\x73\x72" +
+    "\x00\x13\x6a\x61\x76\x61\x2e\x72\x6d\x69\x2e\x73\x65\x72\x76\x65" +
+    "\x72\x2e\x55\x49\x44\x0f\x12\x70\x0d\xbf\x36\x4f\x12\x02\x00\x03" +
+    "\x53\x00\x05\x63\x6f\x75\x6e\x74\x4a\x00\x04\x74\x69\x6d\x65\x49" +
+    "\x00\x06\x75\x6e\x69\x71\x75\x65\x70\x78\x70\x80\x16\x00\x00\x01" +
+    "\x49\xb5\xe4\x92\x78\xd2\x4f\xdf\x47\x77\x08\x80\x00\x00\x00\x00" +
+    "\x00\x00\x01\x73\x72\x00\x12\x6a\x61\x76\x61\x2e\x72\x6d\x69\x2e" +
+    "\x64\x67\x63\x2e\x4c\x65\x61\x73\x65\xb0\xb5\xe2\x66\x0c\x4a\xdc" +
+    "\x34\x02\x00\x02\x4a\x00\x05\x76\x61\x6c\x75\x65\x4c\x00\x04\x76" +
+    "\x6d\x69\x64\x74\x00\x13\x4c\x6a\x61\x76\x61\x2f\x72\x6d\x69\x2f" +
+    "\x64\x67\x63\x2f\x56\x4d\x49\x44\x3b\x70\x78\x70\x00\x00\x00\x00" +
+    "\x00\x09\x27\xc0\x73\x72\x00\x11\x6a\x61\x76\x61\x2e\x72\x6d\x69" +
+    "\x2e\x64\x67\x63\x2e\x56\x4d\x49\x44\xf8\x86\x5b\xaf\xa4\xa5\x6d" +
+    "\xb6\x02\x00\x02\x5b\x00\x04\x61\x64\x64\x72\x74\x00\x02\x5b\x42" +
+    "\x4c\x00\x03\x75\x69\x64\x71\x00\x7e\x00\x03\x70\x78\x70\x75\x72" +
+    "\x00\x02\x5b\x42\xac\xf3\x17\xf8\x06\x08\x54\xe0\x02\x00\x00\x70" +
+    "\x78\x70\x00\x00\x00\x08\x6b\x02\xc7\x72\x60\x1c\xc7\x95\x73\x71" +
+    "\x00\x7e\x00\x05\x80\x01\x00\x00\x01\x49\xb5\xf8\x00\xea\xe9\x62" +
+    "\xc1\xc0"
+  end
+  let(:complex_stream_io) { StringIO.new(complex_stream) }
+
   describe ".new" do
     it "Rex::Java::Serialization::Model::Stream" do
       expect(stream).to be_a(Rex::Java::Serialization::Model::Stream)
@@ -36,6 +69,10 @@
     it "initializes version with java serialized stream default version " do
       expect(stream.version).to eq(Rex::Java::Serialization::STREAM_VERSION)
     end
+
+    it "initializes stream to nil by default" do
+      expect(stream.stream).to be_nil
+    end
   end
 
   describe "#decode" do
@@ -70,6 +107,22 @@
         expect(stream.contents[0]).to be_an(Rex::Java::Serialization::Model::NewArray)
       end
     end
+
+    context "when deserializing a complex stream with references" do
+      it "deserializes an Stream" do
+        expect(stream.decode(complex_stream_io)).to be_a(Rex::Java::Serialization::Model::Stream)
+      end
+
+      it "deserializes all the contents in the Stream" do
+        stream.decode(complex_stream_io)
+        expect(stream.contents.length).to eq(4)
+      end
+
+      it "deserializes object contents" do
+        stream.decode(complex_stream_io)
+        expect(stream.contents[3]).to be_a(Rex::Java::Serialization::Model::NewObject)
+      end
+    end
   end
 
   describe "#encode" do
@@ -119,6 +172,13 @@
         expect(stream.encode.unpack("C*")).to eq(char_array_stream.unpack("C*"))
       end
     end
+
+    context "when reserializing a complex stream" do
+      it "reserializes the original stream" do
+        stream.decode(complex_stream_io)
+        expect(stream.encode.unpack("C*")).to eq(complex_stream.unpack("C*"))
+      end
+    end
   end
 
 end
